<?php

include("config.php");

session_start();

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
//session_register("mypassword");
$_SESSION['login_user']=$myusername; 
//header("location:login_success.php");


$arr = array('username' => $myusername, 'status' => true);

echo json_encode($arr);
}
else {
$arr = array('username' => $myusername, 'status' => false);


echo json_encode($arr);
//echo "Wrong Username or Password";
}

ob_end_flush();
?>

